Fortify Static Code Analyzer
"Build secure software fast. Find security issues early and fix at the speed of DevOps."
Contact UsMailUs for Help
Developer-driven static application security testing
Developers find and fix security defects in real-time during the coding process, with integrations to IDEs such as Eclipse or Visual Studio. Gamified training supports developers' ability to create secure code.
Cover languages that developers use
Support for 27 major languages and their frameworks, with agile updates backed by the industry-leading Fortify Software Security Research team. Enable compliance with broad vulnerability coverage, including 810 vulnerability categories for SAST (Static Application Security Testing) that enable compliance with standards such as OWASP Top 10, CWE/SANS Top 25, DISA STIG, and PCI DSS.
Automate security within your CI/CD pipeline
Automate security in the CI/CD pipeline with Swagger-supported RESTful APIs; GitHub repository; plugins for Bamboo, Visual Studio Team Services, and Jenkins; and integration with open source component analysis tools. Software Security Center enables organizations to automate all aspects of an application security program.
Fix at the speed of DevOps
Drill into source code details with our rich analysis results, enabling you to quickly triage and fix complex security issues. Audit Assistant reduces manual audit time by removing up to 90% of false positives with machine learning-assisted auditing. Audit Workbench enables rich analysis and automated triage.
Scale your AppSec program
ScanCentral enables scaling with a static analysis farm that can meet the changing demands of the CI/CD pipeline.
Scan with flexible deployment. Fortify SAST is available on premises, as a service, or in hybrid mode to fit your business needs. Start quickly and expand your AppSec program centrally.